<?php
/**
 * [Fengxu!] (C)2008-2009 SSBT Inc.
 * This is NOT a freeware, use is subject to license terms
 * $Id: sendpwd.php Sat Apr 12 09:56:54 GMT 2008 $
 * @author fengxu qq:250484464 <zhiming0824@163.com>
 * @version $Id 09:56:54$
 * @license fengxu
 */
require_once 'common.inc.php';
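// Password-recovery endpoint with two steps:
//   action=found    - mail a one-time reset link to the submitted address
//   action=resetpwd - check the link's token, show the reset form, then store the new password
//
// $action, $regemail, $email, $pc, $newpwd, $db, $timestamp and the helpers random(),
// dhtmlentities(), adminmsg(), systemplate() are not defined in this file; presumably
// common.inc.php provides them (request variables included) -- confirm against that file.

// Anchored allow-lists. The original eregi() patterns were unanchored, so any input that merely
// CONTAINED a matching substring passed, and "[com|cn|net|lan]{1}" is a one-character class, not
// an alternation. eregi() is also gone from PHP 7. Every character admitted here is inert inside
// a single-quoted SQL literal and inside HTML, which is what makes the string-built queries
// below safe; loosening a pattern means adding proper escaping first.
// NOTE(review): the TLD list (com/cn/net/lan) the original seemed to intend is not enforced here;
// re-add it if it is real site policy.
$emailpattern = '/\A[0-9a-z._+-]+@[0-9a-z][0-9a-z.-]*\.[a-z]{2,}\z/i';
// NOTE(review): assumes random(20) yields exactly 20 letters/digits, as the original check implied.
$tokenpattern = '/\A[a-zA-Z0-9]{20}\z/';
$pwdpattern = '/\A[a-zA-Z0-9]{6,15}\z/';

if($action=='found')
{
	// Reject missing or non-string input (e.g. an array parameter) before it reaches trim().
	$regemail = (isset($regemail) && is_string($regemail)) ? trim($regemail) : '';
	if(!preg_match($emailpattern,$regemail))
	{
		adminmsg('邮件地址格式错误,请重新输入','login.php?action=login');
		// adminmsg() lives outside this file; stop explicitly so a failed check cannot fall through.
		exit();
	}
	// NOTE(review): confirm random() draws from a CSPRNG; this value is the only secret in the link.
	$pc = random(20);
	// NOTE(review): the link uses plain HTTP and a hard-coded host, so the token crosses the network
	// in clear text; move to HTTPS and a configured base URL when the deployment allows.
	$reseturl = "http://172.16.18.253/controlcc/sendpwd.php?action=resetpwd&email=".urlencode($regemail)."&pc=$pc";
	// Entity-encoded copy for the HTML body (defence in depth; the allow-list already excludes markup).
	$safeemail = dhtmlentities($regemail);
	$subject = '网视通后台系统找回密码通知';
	$message = "<div style=\"width:500px;height:118px;border:1px solid blue\">尊敬的{$safeemail}管理员你好：<br>你已经申请找回网视通后台密码，请点击下面的链接修改密码：<br><a href=\"$reseturl\">$reseturl</a><br><hr color=\"#0099FF\" /><br>联系QQ:<a target=blank href=tencent://message/?uin=250484464&Site=网视通&Menu=yes><img border=\"0\" SRC=http://wpa.qq.com/pa?p=1:250484464:3 alt=\"点击这里给我发消息\"></a></div>";
	require_once 'email_config.php';
	$ret = sendemail($regemail,$subject,$message,'');
	if($ret)
	{
		// NOTE(review): the row stores only the token, its issue time and a state flag. Nothing ties
		// it to the address it was mailed to, and the address is not checked against msys_members
		// here. Binding the token to one account needs an extra column (member uid or email) that
		// the resetpwd step compares -- a schema change outside this file.
		$db->query("INSERT INTO msys_secode (pc,utime,state) VALUES ('$pc','$timestamp','0')");
		adminmsg('邮件已经发送到你的邮箱，请尽快查看!','login.php?action=login');
	}
	else
	{
		adminmsg('发送邮件失败,请重新输入','login.php?action=login');
	}
}
elseif ($action=='resetpwd')
{
	$email = (isset($email) && is_string($email)) ? trim($email) : '';
	$pc = (isset($pc) && is_string($pc)) ? trim($pc) : '';
	// Validate BEFORE either value reaches SQL or the template. The original ran its format checks
	// only after the token SELECT had already executed with the raw value.
	if(!preg_match($tokenpattern,$pc) || !preg_match($emailpattern,$email))
	{
		adminmsg('非法链接！！');
		exit();
	}
	$csql = "SELECT * FROM msys_secode WHERE pc = '$pc'";
	$cquery = $db->query($csql);
	$crt = $db->fetch_array($cquery);
	// The token must exist, be younger than one hour and still be unused (state 0).
	if(!($crt&&$timestamp-$crt['utime']<3600&&$crt['state']==0))
	{
		adminmsg('URL地址非法');
		exit();
	}
	$resetsubmit = isset($_POST['resetsubmit']) ? $_POST['resetsubmit'] : '';
	// NOTE(review): condition kept as written -- the form is re-shown when the request is not a
	// POST *or* when resetsubmit is set. If the template's submit button is named "resetsubmit"
	// this looks inverted (expected !$resetsubmit); confirm against the resetpwd template.
	if (($_SERVER['REQUEST_METHOD']!='POST'||$resetsubmit))
	{
		include systemplate('resetpwd');
		exit();
	}
	$newpwd = (isset($newpwd) && is_string($newpwd)) ? trim($newpwd) : '';
	if(!preg_match($pwdpattern,$newpwd))
	{
		adminmsg('密码格式错误，请输入6-15个英文或数字组合');
		exit();
	}
	// NOTE(review): unsalted MD5 is kept only because the login check (not visible here) presumably
	// compares MD5 digests. Migrate both sides to password_hash()/password_verify() together.
	$md5pwd = md5($newpwd);
	$sql = "SELECT * FROM msys_members WHERE email='$email'";
	$query = $db->query($sql);
	if(!$rt = $db->fetch_array($query))
	{
		adminmsg('邮件地址错误','login.php?action=login');
	}
	else
	{
		// NOTE(review): the member row is chosen by the email request parameter alone; see the note
		// at the INSERT in the "found" branch about binding tokens to an account.
		$upsql = "UPDATE msys_members SET password='$md5pwd' WHERE uid='{$rt['uid']}'";
		$db->query($upsql);
		// Consume the token. The original statement read "DELETE FROMR", a syntax error, so used
		// tokens were never removed and stayed valid for the rest of the hour.
		$db->query("DELETE FROM msys_secode WHERE sid = '{$crt['sid']}'");
		adminmsg('密码修改成功，请重新登录','login.php?action=login');
	}
}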

?>